Six months after finalizing its cybersecurity rule, the U.S. Coast Guard has now enacted it across the Marine Transportation System (MTS) as of this week. The rule mandates reporting of cyber incidents, annual cybersecurity training, and submission of a Cybersecurity Plan by 2027. Foreign-flagged vessels should also prepare for heightened Port State Control scrutiny related to cybersecurity under the ISM Code.
Targeted at U.S.-flagged vessels, Outer Continental Shelf (OCS) facilities, and facilities subject to the Maritime Transportation Security Act of 2002 (MTSA), the final rule was executed in continuation of updates to the Captain of the Port authority that definitively designated cybersecurity vulnerabilities as a potential threat to the security and safety of U.S. ports.
Requirements in the final rule include developing and maintaining a Cybersecurity Plan, designating a Cybersecurity Officer (CySO), and taking various measures to maintain cybersecurity within the MTS.
The regulation includes a phased implementation schedule. As of the effective date, July 16, 2025, all reportable cyber incidents must be reported to the National Response Center. By Jan. 12, next year, and annually after that, all personnel are required to complete the training outlined in 33 CFR 101.650. By July 16, 2027, owners and operators must designate a Cybersecurity Officer, conduct a Cybersecurity Assessment, and submit a Cybersecurity Plan for approval.
Recognizing the escalating cyber threat from adversarial actors targeting its MTS, the Coast Guard, leveraging the post-9/11 alignment of domestic MTSA authorities with international SOLAS (Safety of Life at Sea) and ISPS (International Ship and Port Facility Security) Code regimes, will intensify Port State Control (PSC) scrutiny on indicators of poor cybersecurity practices, specifically those impacting International Safety Management (ISM) Code compliance on foreign flagged vessels.
The elevated focus may lead to the issuance of deficiencies requiring correction, or, if circumstances warrant, result in vessel detention, denial of entry or Captain of the Port (COTP) action to control vessel movement, as the Coast Guard implements measures to control, secure and defend the nation’s ports, waterways and shipping interests while restoring U.S. maritime dominance.
